Privacy Policy

1. Introduction

PulseRank operates pulserank.ai and provides the PulseRank WordPress plugin.

Important note on purchases and billing: Purchases, subscription management, invoices/receipts, and license management may be provided through Freemius, which can act as the authorized reseller and Merchant of Record for eligible transactions. In those cases, Freemius processes payment and billing information and provides the customer portal used to manage subscriptions and licenses.

We remain responsible for providing the plugin, product support, and product-related communications.

2. Scope of This Policy

2.1 Our Website and Services (pulserank.ai)

This policy covers personal data relating to:

• Website Visitors: anyone browsing pulserank.ai, documentation, and marketing pages
• Purchasers (Freemius Checkout/Portal): customers who purchase licenses through Freemius checkout and manage subscriptions/licenses through the Freemius Customer Portal (which may be accessible from pulserank.ai via embedding)
• Support Users: anyone contacting support or sharing diagnostics/logs
• Email Subscribers: anyone subscribing to marketing emails or newsletters

2.2 The PulseRank Plugin

The PulseRank plugin is a self-hosted analytics tool. When you install PulseRank on your WordPress site, visitor analytics data is stored locally on your server (in your WordPress database). We do not receive or have access to your website visitor analytics data in normal operation.

This Privacy Policy primarily covers our website, commerce/admin relationships, and support interactions. For plugin visitor-data behavior, see Section 13.

3. Information We Collect

We collect information from you when you interact with our website, purchase or manage licenses, and use support.

3.1 Website Account Information (if offered)

If you create a PulseRank website account (where applicable), we may collect:

• Email address (required for account creation and communication)
• Name (optional)
• Company name (optional)
• Password (stored using industry-standard hashing; never stored in plain text)

Note: If your purchase/licensing is managed through Freemius, your primary “customer account” for subscription and license management will typically exist within Freemius systems (see Section 3.2).

3.2 Purchases, Subscriptions, and Billing (Freemius)

When you purchase a PulseRank license or manage a subscription, your checkout and billing experience may be handled through Freemius (Merchant of Record for eligible transactions).

What Freemius may collect:

• Billing contact details (name, email)
• Billing address
• Tax/VAT information (where applicable)
• Payment method details
• Transaction identifiers
• Fraud/security signals and compliance-related data

What we may receive (from Freemius):

• Purchaser email and basic account metadata
• Order and subscription status (active/canceled/expired)
• Plan/tier purchased
• License key status and license metadata
• Activation/installation counts and related license telemetry needed to provide licensing and support

What we do not receive:

Full payment card details

3.3 Support and Communications

When you contact our support team or communicate with us, we may collect:

• Support ticket content (questions, issues, our responses)
• File attachments (screenshots, logs, exports, diagnostic files you voluntarily provide)
• Email correspondence and metadata (timestamps, headers)
• Chat transcripts (if live chat is used)

3.4 Website Usage Data

When you visit pulserank.ai, we may automatically collect:

• IP address (for security, fraud prevention, and analytics)
• Browser type/version (User-Agent string)
• Operating system
• Referring website
• Pages viewed and time spent
• Device type
• Approximate geographic location (country/region derived from IP)

3.5 Marketing and Newsletter Data

If you subscribe to our newsletter or marketing emails, we may collect:

• Email address
• Subscription preferences (where offered)
• Email engagement data (opens, clicks, unsubscribes)

3.6 Information from Third Parties

We may receive information about you from:

Analytics providers (e.g., Google Analytics, Plausible): aggregated usage data

Freemius: purchase/subscription status, license status, activation counts, refund/chargeback status (where relevant to support)

Marketing and advertising platforms (e.g., Google Ads, LinkedIn): campaign performance, conversion events

4. Cookies and Tracking Technologies

We use cookies and similar technologies on pulserank.ai to provide, secure, and improve our services. Where required by law (e.g., ePrivacy/GDPR), we do not set non-essential cookies without consent.

4.1 Types of Cookies We Use

4.2 Specific Cookies

First-party cookies (set by pulserank.ai):

• pulserank_session (session identifier)
• cookie_consent (stores cookie preferences)

Third-party cookies (set by vendors used on pulserank.ai, where enabled):

• Google Analytics (e.g., _ga, _gid)
• Advertising pixels (where enabled)

Freemius Checkout / Customer Portal:

If you interact with checkout, billing management, or the customer portal, cookies and similar technologies may be set by Freemius and its service providers for security, fraud prevention, payment processing, and session management.

4.3 Managing Cookies

You can control cookies through browser settings. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may affect functionality)
• Receive notifications when cookies are set

Browser-specific instructions: Chrome, Firefox, Safari, Edge

Opt-out of targeted advertising: Google Ads Settings, Facebook Ad Preferences, NAI Opt-Out

5. How We Use Your Information

5.1 Provide and Improve Our Services

• Provide access to documentation, downloads, and product information
• Provide technical support and respond to inquiries
• Troubleshoot issues and improve product quality

5.2 Commerce, Licensing, and Customer Administration

• Confirm purchase/subscription status (via Freemius)
• Manage license validation, activations/installations, and entitlement checks
• Facilitate renewals, upgrades/downgrades, cancellations (via Freemius portal)

5.3 Communication

• Send transactional messages (e.g., onboarding, important notices, support replies)
• Send security notices and product updates
• Send renewal reminders and billing-related notices (directly or via Freemius)

You can opt out of marketing emails at any time using the unsubscribe link in every email.

5.4 Marketing (Where Permitted)

• Send newsletters and educational content
• Promote new features and offers
• Conduct surveys and request feedback

You can opt out of marketing emails at any time via the unsubscribe link in each message.

5.5 Analytics and Business Intelligence

• Analyze website usage and conversion funnels
• Improve documentation and product onboarding
• Make product roadmap decisions

5.6 Security and Fraud Prevention

• Detect and prevent abuse, spam, and unauthorized access
• Protect our systems and users
• Support fraud prevention in commerce workflows

5.7 Legal Compliance

• Comply with applicable laws and lawful requests
• Enforce our Terms and protect our rights

6. Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or Switzerland, we process personal data based on:

Withdrawing consent: You may withdraw consent at any time (e.g., unsubscribe).
Objection: You can object to processing based on legitimate interests (see Section 10).

7. Third-Party Services and Data Sharing

We share personal data with trusted service providers who help operate our services. Providers are required to protect data and use it only for the intended purposes.

7.1 Commerce, Licensing, and Customer Portal (Freemius)

Freemius may handle checkout, subscriptions, invoicing/receipts, license issuance, activation/installation tracking, and customer portal access. In such cases, Freemius processes personal data necessary to provide these services and may use its own service providers.

Data we may share/receive: purchase metadata, subscription status, license status, activation/installation counts, and other details needed for licensing and support.

7.2 Analytics and Performance Monitoring (Website)

If enabled, we may use analytics services such as:

• Google Analytics
  • Purpose: understand website traffic and performance
  • Data: device/browser data, page views, referrers; IP handling depends on configuration
  • Opt-out: Google Analytics opt-out browser add-on (where applicable)

We may use privacy-focused analytics alternatives (e.g., Plausible/Fathom) depending on configuration.

7.3 Hosting and Infrastructure

We host our core website and systems primarily in the EEA where feasible. We may use infrastructure providers (hosting, CDN, security, email delivery, support tooling) that operate global networks.

7.4 When We May Disclose Your Information

We may disclose your personal information in the following situations:

• With your consent
• Business transfers (merger/acquisition/asset sale)
• Legal requirements (laws, subpoenas, court orders)
• Protect rights/security (fraud, abuse, threats)
• Aggregated/anonymized statistics (non-identifying)

We do not sell personal information to third parties for marketing purposes.

8. Data Retention

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law.

8.1 Account Data (PulseRank website, if applicable)

• Active accounts: retained while your account is active
• Inactive accounts: deleted after 24 months of inactivity (with prior notice)
• Deleted accounts: purged within 30 days of a valid deletion request (unless legal retention applies)

8.2 Commerce Records (Freemius)

Invoices/receipts and transaction records are typically generated and retained within the Merchant of Record flow.

We may retain limited commerce metadata (e.g., plan, license status, timestamps, payout summaries) for bookkeeping, dispute handling, and support.

8.3 Support Communications

• Support tickets: retained for 3 years after closure (quality and reference)
• Email correspondence: retained as part of ticket history

8.4 Marketing Data

• Subscribers: until you unsubscribe
• Suppression list (unsubscribed): retained to honor opt-out
• Engagement data: retained up to 2 years

8.5 Website Analytics

Retention depends on configuration and provider settings, typically from 1 day to 12 months.

9. Data Security

We implement technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Measures

Encryption in transit (HTTPS/TLS)

Access controls and least-privilege permissions

Backups, logging, and monitoring

9.2 Organizational Measures

• Role-based access control
• Security awareness practices
• Incident response procedures
• Vendor due diligence and data minimization

9.3 Your Responsibilities

• Use a strong, unique password
• Enable 2FA where available
• Keep credentials confidential
• Report suspicious activity to [email protected]

9.4 Data Breach Notification

Where required, we will notify competent authorities and affected individuals in accordance with applicable law (including GDPR timelines where applicable).

10. Your Privacy Rights

10.1 Rights for All Users

• Access to personal data
• Correction of inaccurate data
• Deletion (where applicable)
• Data portability (machine-readable format where applicable)
• Opt-out of marketing communications

10.2 Additional Rights (GDPR – EU/EEA/UK/Switzerland)

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Objection (Art. 21)
• Portability (Art. 20)
• Withdraw consent
• Lodge a complaint with a supervisory authority

Response time: We respond within one month, subject to lawful extensions.

10.3 Additional Rights (CCPA/CPRA – California Residents)

If applicable, you may have rights to know, delete, and correct, and to opt out of “sale/share” (we do not sell personal information).

10.4 How to Exercise Your Rights

If applicable, you may have rights to know, delete, and correct, and to opt out of “sale/share” (we do not sell personal information).

Email: [email protected]
Subject: “Privacy Rights Request”
Include: email associated with your account/purchase, and your request details.

Important routing note: Requests relating to billing, subscriptions, invoices/receipts, and customer portal data may require coordination with Freemius systems. We will help route your request appropriately and respond with what we control directly.

11. International Data Transfers

11.1 Where we process data

We aim to process personal data within the EEA where feasible, but some service providers (commerce, fraud prevention, analytics, support, email delivery) may process data outside the EEA, including the United States.

11.2 Transfer mechanisms and safeguards

Where personal data is transferred outside the EEA, we rely on lawful transfer mechanisms, such as:

• Adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs) and other safeguards under Article 46 GDPR

11.3 Additional information

You may contact [email protected] to request information about subprocessors and safeguards relevant to current international transfers.

12. Children’s Privacy

PulseRank is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete it promptly.

13. Information About the PulseRank Plugin

This section describes data handling when you install PulseRank on your WordPress site.

13.1 The Plugin is Self-Hosted

When you install PulseRank:

• Visitor analytics data is stored on your server (WordPress database)
• We do not receive or access your visitor analytics data in normal operation
• You are the data controller for visitor data collected on your site
• The plugin does not transmit visitor analytics data to PulseRank servers for analytics processing

13.2 What Data Does the Plugin Collect?

The plugin collects analytics data about visitors to your website, including:

• Hashed IP addresses (SHA-256, never plain text; Hashed IP addresses are used as a pseudonymous identifier to reduce privacy impact; they are not stored in plain text)
• User agent strings (browser/bot identification)
• Page URLs visited
• Referrer information (where visitors came from)
• Timestamps and session duration
• Bot detection data (AI crawler identification)
• Conversion events (if WooCommerce integration enabled)

Cookie: The plugin sets one first-party cookie (pulserank_sid, 7 days) for session tracking on YOUR domain.

13.3 Your Responsibilities as a Plugin User

When you use the PulseRank plugin on your WordPress site, you must:

• Maintain your own privacy policy that discloses the use of analytics and cookies
• Obtain necessary consents from your website visitors (where required by GDPR, ePrivacy, etc.)
• Handle data subject requests from your visitors using WordPress privacy tools
• Configure data retention appropriately (plugin settings allow 30-730 days)
• Comply with applicable laws in your jurisdiction and your visitors’ jurisdictions

13.4 Privacy Features Built Into the Plugin

The plugin includes privacy-by-design features:

• IP address hashing (no plain text storage)
• GDPR privacy export/erasure integration (WordPress privacy tools)
• Consent filter hook (pulserank_tracking_enabled) for CMP integration
• Configurable data retention (automatic cleanup)
• Exclusion of logged-in administrators
• No external API calls for analytics tracking

13.5 External Services Used by the Plugin (Optional)

If you enable Enhanced Bot Detection in plugin settings, the plugin may download public IP range lists from:

• Google (Googlebot verification)
• Microsoft Bing (Bingbot verification)
• OpenAI (GPTBot verification)

No personal data is sent to these services—the plugin only fetches public JSON files for bot verification.

14. Changes to This Privacy Policy

We may update this policy to reflect changes in practices, legal requirements, or business operations.

• We will update the “Last Updated” date
• Material changes may be communicated to account holders or customers (where feasible)
• Continued use after the effective date constitutes acceptance
• If you disagree, you may stop using the services and request account deletion (where applicable)

15. Contact Us

Contact Page: https://pulserank.ai/contact/

We aim to respond to:

Privacy rights requests: within 30 days (or as required by law)

General privacy questions: within 5 business days

Appendix: Definitions

Personal Data / Personal Information: information relating to an identified or identifiable individual

Controller: entity determining purposes and means of processing

Processor: entity processing personal data on behalf of a controller

GDPR: EU data protection regulation

CCPA/CPRA: California privacy laws

SCCs: Standard Contractual Clauses for international transfers

21. Contact

Support: [email protected]

Legal/Company: Finix Digital SRL, Ilfov County, Romania, Reg No. 50030946